
If you’ve followed Tigunia for a while, or if you attended Summit, you’ll know that we direct a lot of our attention to cybersecurity and data hosting. Part of how we help to secure our clients and friends is through education.
Pretty much everyone knows what phishing is, but here’s a refresher. Below is a scenario of how a bad actor may try to access your Office 365 data.
Preparing the Bait
Under the guise that the victim has received an email notifying them that they have a voicemail in Microsoft teams, the hacker has prepared a landing page designed to look identical to the Microsoft Teams application. This will be used as a credential harvester, where the victim is fooled into entering their Office 365 credentials.
It is visible in the URL bar that this is a valid “sway.office.com” website, served with HTTPS so the target feels they are on a safe website. Even after examining the certificate, the end user can see this is a legitimate Microsoft signed webpage.
Catching the Phish
As the victim falls for the bait, they click to “Login” and are directed to a new page where they are prompted for their Office 365 credentials. This is not the real Office 365 login page, but rather a fake credential harvester, set up as a decoy to trick the target into entering their email and password.
An observant end user might notice the URL in the address bar has changed—however the webpage is still being served with a valid HTTPS certificate.
None the wiser, the victim enters their email and password. The page then notifies them that their password is incorrect, and the target may very well enter their credentials one more time. Regardless, the hacker has now captured the victim’s credentials. The attacker has successfully masqueraded as a valid application and fooled the target into willingly offering their own access.
This is a pretty common example of phishing.
But the existence of common forms of phishing implies the existence of uncommon forms of phishing. While rare, it’s still important to learn how to recognize them.
Vishing
Vishing is essentially phishing that is completed over the phone (think voice + phishing). These are not as easily recognizable because it can be easy for a bad actor to speak with clarity and confidence behind a phone. And with the availability of the average person’s data online (particularly through social networking sites), a person can easily establish a connection with you by referencing your place of work, a former place of working, or several shared connections with colleagues.
Make sure you know the person on the phone, and do not share any personal or company information unless you do.
Smishing
Smishing is like vishing, but through SMS text messaging. These are more common than they used to be, but still not as common as traditional email phishing. They usually come from unknown numbers and carry a serious call-to-action. It can be an invitation to receive order updates or tracking information, an alert about a recent hack, or a billing issue with your phone provider. Once you click the link, the issues start. It’s best to ignore these, and follow up on any convincing ones via the company’s own phone number or website.
Search Engine Phishing
Search engine phishing refers to the creation of a fake webpage and listing it on a search engine through organic results. Occasionally, one of these may slip through and be promoted as an advertisement, as well. When the link is clicked, the page may initiate a download or direct to another malicious site.
You’ll only want to visit websites that you trust and preview website links in search engines by hovering the cursor over the link and viewing the link preview in the bottom left of the webpage. If the links match up, it’s less likely that it’s a scam. You can also bypass search engines by typing in direct URLs.
Angler Phishing
Angler phishing is the act of masquerading as a customer service agent on social media to solicit personal information from customers. Think of the last time you complained about a large company on social media. There’s a good chance that the company responded, even if you didn’t tag them. Occasionally, the agent on the other end may be a bad actor.
Always ensure that you’re interacting with the verified customer service accounts, and never send personal information in these chats. Most companies will direct you to their secure website when personal information needs to be communicated.
Homograph Phishing
A homograph phishing attack refers to the use of similar-looking words or characters that can easily be misread or overlooked. For example, a user could receive an email with a free gift card offer or order information containing an embedded link directing to arnazon.com or starducks.com.
If the text is bolded or small in font, it’s easy to read over this and think that it’s directing to Amazon or Starbucks, respectively. Always read your emails carefully, especially when the sender is unfamiliar.
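The two lessons of the Teams scenario and of this section, that a valid HTTPS certificate says nothing about who runs a site and that a domain one glyph away from a brand is easy to misread, can be turned into a simple check on the hostname of a link before it is clicked or delivered. The code below is an added example and is not from the Tigunia post; the allowlist, the confusable-pair table, and the sample links are constructed for illustration, and it assumes two-label domain suffixes such as .com (a real deployment would use a public-suffix list).

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example; an organization would substitute its own.
TRUSTED_DOMAINS = {"amazon.com", "starbucks.com", "microsoft.com", "office.com"}

# Character pairs that read as a single letter in small or bold fonts.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def registrable_domain(host):
    """Last two labels of a hostname (assumes two-label suffixes such as .com)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def fold_confusables(name):
    """Rewrite lookalike sequences to the letter they imitate (arnazon -> amazon)."""
    for lookalike, real in CONFUSABLES:
        name = name.replace(lookalike, real)
    return name


def edit_distance(a, b):
    """Levenshtein distance by dynamic programming; catches one-letter swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link target by hostname only. The scheme is ignored on purpose:
    a valid certificate proves the connection is encrypted, not who runs the site."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    # Internationalized labels (xn--) can render as Latin lookalikes; hold for review.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("punycode", None)
    domain = registrable_domain(host)
    if domain in trusted:
        return ("trusted", domain)
    # A trusted name used as a subdomain of an unrelated domain, e.g. microsoft.com.evil.example
    for t in sorted(trusted):
        if ("." + host + ".").find("." + t + ".") != -1:
            return ("embedded", t)
    # Compare the second-level name only, so a swapped TLD (amazon.co) is also caught.
    name = domain.rsplit(".", 1)[0]
    for t in sorted(trusted):
        t_name = t.rsplit(".", 1)[0]
        if fold_confusables(name) == t_name or edit_distance(name, t_name) <= 1:
            return ("lookalike", t)
    return ("unknown", domain)


if __name__ == "__main__":
    for link in ["https://www.amazon.com/gp/css/order-history",
                 "https://arnazon.com/gift-card",
                 "http://starducks.com/order",
                 "https://microsoft.com.login-verify.example/",
                 "https://sway.office.com/some-page"]:
        print(link, "->", classify_link(link))
```

Note that sway.office.com comes back as trusted, exactly as it did for the victim in the scenario above: an allowlist tells you the domain is real, not that the page hosted on it is. The check is a filter for the obvious lookalikes, and the edit-distance threshold of one will produce false positives for very short brand names, so treat “lookalike” as a prompt to look closer rather than a verdict.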
In-Session Phishing
This is far less common than it used to be because most browsers default to blocking pop-ups. However, occasionally these intrusive pop-ups still get through, and older computers running older browsers block them far less reliably. In-session phishing occurs when a pop-up displays within the browser while you’re on a webpage.
It can bypass pop-up blockers because it isn’t actually a new page. It’s a section of a page within the open webpage, and it occasionally will box itself in to present itself as if it were a trusted pop-up. It’s best to ignore any kind of pop-up like this, and usually best practice to navigate away from the malicious site entirely.
Evil Twin Phishing
This kind of phishing refers to the creation of phony Wi-Fi networks to serve as an access point for users. Though it may appear legitimate, this kind of malicious wireless network exists to spy on a user’s web traffic and communications. The bad actor may even be able to steal your passwords and private information by creating a fraudulent website and luring people to it.
Avoid public access points, such as unsecured Wi-Fi in shopping malls and airports, whenever possible. And always use multi-factor authentication to alleviate the potential fallout from any of your passwords getting compromised.
Pharming
Pharming is the redirection of traffic from a trusted, reputable site to a fake site. In this case, it can be done by installing a malicious program on a user’s computer or by exploiting a DNS server. A malicious program can automatically redirect a user to a different website. A compromised DNS server will return fake IP addresses when a user’s device is looking up a specific website.
Always verify that you’re on the correct website by checking the URL and by checking the connection to the website in your browser. And again, always use a password manager and an anti-malware program.
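The local-redirect half of pharming can be checked for on the machine itself. The post does not name the mechanism, so this is an assumption made for the example: one common way a malicious program redirects a user is by editing the operating system’s hosts file, which the resolver consults before asking any DNS server. The scanner below is an added example, not code from the Tigunia post; it parses constructed hosts-file content and flags any watched domain that has been pinned to a routable address. The domain list and the sample lines are constructed, and 203.0.113.45 is from a reserved documentation range.

```python
import ipaddress

# Constructed sample of a hosts file after tampering; not taken from any real incident.
SAMPLE_HOSTS = """\
# Host Database
127.0.0.1       localhost
::1             localhost
# the next line silently sends the bank's traffic to an attacker-controlled address
203.0.113.45    www.example-bank.com
0.0.0.0         ads.tracker.example
"""

# Constructed list of domains the user cares about (bank, mail, identity provider).
WATCHED_DOMAINS = {"www.example-bank.com", "login.microsoftonline.com"}


def parse_hosts(text):
    """Yield (ip, hostname) for every non-comment mapping in hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments and blanks
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            yield ip, name.lower()


def suspicious_overrides(text, watched=WATCHED_DOMAINS):
    """Return (hostname, ip, reason) for watched domains pinned to a routable address.

    Loopback and 0.0.0.0 entries are skipped: blackholing a domain breaks it but
    does not redirect the user to an impostor, which is what pharming relies on."""
    findings = []
    for ip, name in parse_hosts(text):
        if name not in watched:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        findings.append((name, ip, "watched domain pinned to routable address"))
    return findings


if __name__ == "__main__":
    for name, ip, reason in suspicious_overrides(SAMPLE_HOSTS):
        print(f"{name} -> {ip}: {reason}")
```

On a real machine the text would come from /etc/hosts or C:\Windows\System32\drivers\etc\hosts. This only covers the “malicious program on the computer” case; a compromised DNS server returns wrong answers without touching the local machine, and spotting that needs a comparison against a known-good resolver rather than a file scan.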
Protecting your data takes more than a good antivirus and a strong password. An end user will always be an access point for bad actors. That’s why it’s important to remain vigilant and informed.
For more information on how to stay protected, contact Tigunia today.